diff options
| author | Eric Biggers <[email protected]> | 2022-02-07 21:24:48 -0800 |
|---|---|---|
| committer | Jarkko Sakkinen <[email protected]> | 2022-03-10 01:47:13 +0200 |
| commit | 590bfb57b2328951d5833979e7ca1d5fde2e609a (patch) | |
| tree | 4fee9526ed2b6ffa3522c7a9931bbd4e1c5cfd3f /drivers/fpga/fpga-mgr.c | |
| parent | 2abc9c246e0548e52985b10440c9ea3e9f65f793 (diff) | |
KEYS: asymmetric: properly validate hash_algo and encoding
It is insecure to allow arbitrary hash algorithms and signature
encodings to be used with arbitrary signature algorithms. Notably,
ECDSA, ECRDSA, and SM2 all sign/verify raw hash values and don't
disambiguate between different hash algorithms like RSA PKCS#1 v1.5
padding does. Therefore, they need to be restricted to certain sets of
hash algorithms (ideally just one, but in practice small sets are used).
Additionally, the encoding is an integral part of modern signature
algorithms, and is not supposed to vary.
Therefore, tighten the checks of hash_algo and encoding done by
software_key_determine_akcipher().
Also rearrange the parameters to software_key_determine_akcipher() to
put the public_key first, as this is the most important parameter and it
often determines everything else.
Fixes: 299f561a6693 ("x509: Add support for parsing x509 certs with ECDSA keys")
Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Fixes: 0d7a78643f69 ("crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm")
Cc: [email protected]
Tested-by: Stefan Berger <[email protected]>
Tested-by: Tianjia Zhang <[email protected]>
Signed-off-by: Eric Biggers <[email protected]>
Reviewed-by: Vitaly Chikunov <[email protected]>
Reviewed-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
Diffstat (limited to 'drivers/fpga/fpga-mgr.c')
0 files changed, 0 insertions, 0 deletions